Is email secure?

We are often asked the question “Is email secure?”. 99 times out of 100 the answer is no. It is possible to have a secure email but it comes with overhead, cost and complexity. The question might be what is it you want to achieve? – perhaps your security goal and/or standard is something other than absolute true security. True security implies:

Only you as the sender and your intended receiver know that a communication has taken place between the parties. (Ideally no one should know but the mechanics of email will have to leave a trail that an email was dispatched/received)

Only you and your intended receiver know the information in existence

Only you and your intended receiver can actually see the contents of the email

Both you and your intended receiver can be sure that what the receiver gets is what the sender sent, i.e. there have been no hacks or corruption.

All this applies also to any attachments and meta data associated with the email.

To achieve the maximum possible security towards the goals above you must have encryption as a starting point. Usually these solutions secure the content between the sender and intended receiver by the use of encryption keys, but this comes with overhead and cost. Even with encryption there is metadata associated with every email that wraps the content and tells the technical infrastructure what to do with the email and this information has value to individuals and organisations who may have malicious intent. (Headers, addresses from, to and related info.). Alternatively you can use a service provider like Silent Circle, this comes with a cost and both parties need to be within the Silent Circle Infrastructure and software framework.

However there are other lower level drivers that do not require this high level of security. Think of the analogy of registered post: one or both parties want absolute evidence of the dispatch and receipt of a package and comfort that it has not been opened. There are many situations in the digital world where the requirement is the same, particularly email. Where there is certified evidence required that an email was dispatched on a date and time, by an identified sender, also that it was delivered on a date and time to an identified receiver, also that if ever required the email content and attachments can be proven to be the original content and has not been tampered with in any way.

That’s the use case (registered post for email) that Digiprove addresses with its Certified Email service, for users who require evidence of the transmission and content and an audit trail. This can be for legal or regulatory needs or just assurance between the parties that the communication has occurred and the content of that communication is assured and if ever required in the future there is indisputable evidence of the parties, the provenance (Dates, times, content) and the authenticity of any email or related content. Send a Digiprove certified email now

The GNU General Public License is a free, copyleft license for software and other kinds of works. You may re-publish the content (modified or unmodified) providing the re-publication is itself under the terms of the GPL.